Remote Access Communities

Hello,

I am trying to configure a more complicated VPN setup for Remote Access but it doesn't look like it works the way i was expecting. There is only one Remote Access Community. In the manual we have the line:

"You can also create a new Remote Access VPN Community with a different name." but there is no instruction on how to do so. If i add new community i have only Star or Mesh options and they look like they are a bit different than the built in Remote Access.

1. First of all can i have more than one Remote Access Community per Gateway? I can edit VPN Domain per Remote Access but i can't really get how you can create a second Remote Access Community.

2. I know that there is one Office Mode Pool by default per gateway. If i need to allocate two different ip subnets to users connecting to the gateway based on Group/Username can i do it in any other way than stated in sk33422(Office Mode IP and ipassignment.conf file)? This one

3. For non-global split-tunnel we have thissk114882 where you can control tunneling mode based on group membership.

Re: Remote Access Communities

I will quote myself:

Internal VPN Users can access Full-Tunnel and all internal subnets and some pre-defined internet destinations with VPN GW NAT.

External VPN Users can access Split-Tunnel and just some pre-defined internet destinations with VPN GW NAT (the specific locations do source filtering and only allow the Customer Companies Subnet to access hence GW has to NAT)

All of this on only one Security Gateway

Internal VPN are employees, External VPN are contractors but everyone will obviously be accessing from the internet.